














HTExploit - Bypassing .htaccess Restrictions 


I ntroduction 


Matias Katz ( (cDmatiaskatz ) is a Penetration Tester 
who specializes in Web security analysis. He loves to 
build simple tools to perform discovery and exploitation 
on any software or network. He is the founder of Mkit 
Argentina, a company that specializes in penetration 
testing and code auditing services. 


Maximiliano Soler ( (cDmaxisoler ) lives in Buenos 
Aires, Argentina and currently works as Security 
Analyst, in an International Bank. Maxi has discovered 
vulnerabilities in different applications Web and 
Microsoft's products. 
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HTExploit - Bypassing .htaccess Restrictions 


Basic concepts 


.htaccess - What is it and what is it for? 


.htaccess = hypertext access 


It is a distributed configuration file that allows each directory and 
subdirectory to have its own configuration, without the need of 
reconfiguring Apache's main settings file. 


.htaccess usually uses the same syntax as the Web server's main 
configuration files. 
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Basic concepts 

Why attack the protected directories? 

Because is common to find... 

x Backup files 
x Configurations 
x Outdated versions 
x New developments 
x Admin Logins ;) 
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The Tool 


What does mean HTExploit? 


HTExploit (HiperText access Exploit) 


It is an open-source tool written in Python that exploits a weakness 
in the way that .htaccess files can be configured to protect a web 
directory with an authentication process. 


You will be able to list the contents of a directory protected this 
way, bypassing the authentication process. 
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Features 

x Free and Open Source, 
x User-friendly, 
x Flexible, 
x Modularized, 
x Reporting. 

x Integrated with other tools, 
x Multiplatform. 
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Why? 

x An old weakness that is not used by others tools, 
x A lot of websites recommending how to create wrong .htaccess. 
x Not having found tools that met our needs, 
x Research for fun and profit! 
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What is NOT HTExploit? 

x Not a one click Pwnage tool, 
x Not a replacement for others open source tools, 
x Not completely integrated with other solutions. 
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Links 

HTExploit Web Site 

http:/ / www.mkit.com.ar/ labs/ htexploit 

HTTP Authentication: Basic and Digest Access Authentication 

http://tools.ietf.org/html/rfc2617 

Apache Tutorial: .htaccess files 

http://httpd.apache.Org/docs/2.0/howto/htaccess.htnnl 

Common Configuration Problems: Issue #81 (090597) 

http://www.apacheweek.eom/issues/97-09-05#confiqerrors 
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Thank you!! 


Mat fas Katz 

Twitter: (cDmatiaskatz 


Maximiliano Soler 

Twitter: (cDmaxisoler 


The potential of any tool or technique is limited only by the imagination of the user. 
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